Datasource TLS verification in v.4.6.2 (bug?) + datasource API setup (question)

After updating to Grafana version 4.6.2 (from 4.5.2) datasources became unreachable because of a TLS certificate error, which was resolved by switching on “Skip TLS Verification (Insecure)”.

The error message is as follows:

 **redacted** grafana-server: 2017/11/16 15:11:22 http: proxy error: x509: certificate is valid for **hostname redacted**, not localhost
**redacted** influxd: 2017/11/16 15:11:22 http: TLS handshake error from [::1]:44042: remote error: tls: bad certificate

We are running grafana + influxdb on a single host. We are using TLS for the connection to the datasource (on localhost), with a selfsigned certificate that is indeed not signed to ‘localhost’, but to the fqdn of the server. In this sense, the error message makes sense. The problem is that the behaviour seems to have changed after the update.

My questions:

  • Is this a behaviour that was changed on purpose, and is the intended behavior the one as exhibited in v4.6.2? Or are we dealing with a bug here (as this change effectively temporarily broke our grafana setup)? If this is not intended, i will be glad to file a GitHub issue.

  • How do i define the “Skip TLS verification” setting through the datasource API? I could not find any documentation on this, but perhaps i overlooked something.

Thanks in advance for looking into this.

Yes in v4.6 we changed the default behavior of always verifying certificates, you now have to check Skip TLS Verification (Insecure)” if you want Grafana to accept self signed certs.

Good to know, thanks for clearing that up!

Now my second question;
How do I specify this through the create/update datasource API?
Or is this setting defined elsewhere.
I wasn’t able to find out from the documentation how to accomplish this.
If it’s just there and i overlooked, please point me to the right place.
Again, thank you!


I am facing following error while connecting datasource to MS-SQL server.

Error connecting to datasource: TLS Handshake failed: x509: certificate signed by unknown authority

I tried to changed in default.ini and custom.ini files with setting “tls_skip_verify_insecure = true
but issue not yet resolved.
I am using windows-2017.

1 Like